On 20/04/2013 10:42 a.m., babajaga wrote:
I did not find a solution to a similar problem like yours for my proxy, to
limit the daily/monthly download limit for the users, identified with basic
auth.
I wrote a simple external helper, analyzing the access log. Every user, who
exceeds his limit, is entered into a simple textfile, which contains the
list of users, to be denied access despite being authorized.
When access is denied, a special error page is displayed.
Every update of the textfile, however, needs a "squid -k reconfigure" to be
effective.
This would be why Wiktor (and many others) choose to use a database to
store that information instead of a text file.
So it depends upon number of users, exceeding their limit, whether this
might be noticable or not.
For my requirements, it can be tolerated. Otherwise, the external helper
must be smarter, to check the DB directly. Or even caching invalidated
users.
Wiktor,
you need a combo of basic_db_auth helper configured to check the
bandwidth as a condition of authentication, along with a traffic monitor
(possibly log daemon) updating the database constantly as users consume
their bandwidth.
Note that this will not terminate clients immediately on exceeding their
bandwidth, only reject new requests after the limit is reached. Be ware
of CONNECT requests which contain entire HTTPS "sessions" or
long-polling chart sessions on sites like facebook and Google+. They may
run for days without needing any sort of checks to be done by Squid.
Amos
